fix: claims for userroles

sattvikc · sattvikc · commit 6e6f24401995 · 2022-08-25T12:39:56.000+05:30
diff --git a/recipe/userroles/claims.go b/recipe/userroles/claims.go
@@ -0,0 +1,79 @@
+package userroles
+
+import (
+	"github.com/supertokens/supertokens-golang/recipe/session/claims"
+	urclaims "github.com/supertokens/supertokens-golang/recipe/userroles/claims"
+	"github.com/supertokens/supertokens-golang/supertokens"
+)
+
+func init() {
+	urclaims.UserRoleClaim = NewUserRoleClaim()
+	urclaims.PermissionClaim = NewPermissionClaim()
+}
+
+func NewUserRoleClaim() *urclaims.TypeUserRoleClaim {
+	fetchValue := func(userId string, userContext supertokens.UserContext) (interface{}, error) {
+		recipe, err := getRecipeInstanceOrThrowError()
+		if err != nil {
+			return nil, err
+		}
+		roles, err := (*recipe.RecipeImpl.GetRolesForUser)(userId, userContext)
+		if err != nil {
+			return nil, err
+		}
+
+		rolesArray := make([]interface{}, len(roles.OK.Roles))
+		for i, role := range roles.OK.Roles {
+			rolesArray[i] = role
+		}
+		return rolesArray, nil
+	}
+
+	primitiveArrayClaim := claims.PrimitiveArrayClaim("st-role", fetchValue, nil)
+	return &urclaims.TypeUserRoleClaim{
+		TypePrimitiveArrayClaim: primitiveArrayClaim,
+		Validators: &urclaims.TypeUserRoleClaimValidators{
+			PrimitiveArrayClaimValidators: primitiveArrayClaim.Validators,
+		},
+	}
+}
+
+func NewPermissionClaim() *urclaims.TypePermissionClaim {
+	fetchValue := func(userId string, userContext supertokens.UserContext) (interface{}, error) {
+		recipe, err := getRecipeInstanceOrThrowError()
+		if err != nil {
+			return nil, err
+		}
+		roles, err := (*recipe.RecipeImpl.GetRolesForUser)(userId, userContext)
+		if err != nil {
+			return nil, err
+		}
+
+		permissionSet := map[string]bool{}
+		for _, role := range roles.OK.Roles {
+			permissions, err := (*recipe.RecipeImpl.GetPermissionsForRole)(role, userContext)
+			if err != nil {
+				return nil, err
+			}
+			for _, permission := range permissions.OK.Permissions {
+				permissionSet[permission] = true
+			}
+		}
+
+		result := []interface{}{}
+
+		for perm := range permissionSet {
+			result = append(result, perm)
+		}
+
+		return result, nil
+	}
+
+	primitiveArrayClaim := claims.PrimitiveArrayClaim("st-perm", fetchValue, nil)
+	return &urclaims.TypePermissionClaim{
+		TypePrimitiveArrayClaim: primitiveArrayClaim,
+		Validators: &urclaims.TypePermissionClaimValidators{
+			PrimitiveArrayClaimValidators: primitiveArrayClaim.Validators,
+		},
+	}
+}
diff --git a/recipe/userroles/claims/claims.go b/recipe/userroles/claims/claims.go
@@ -0,0 +1,25 @@
+package claims
+
+import "github.com/supertokens/supertokens-golang/recipe/session/claims"
+
+type TypeUserRoleClaim struct {
+	*claims.TypePrimitiveArrayClaim
+	Validators *TypeUserRoleClaimValidators
+}
+
+type TypeUserRoleClaimValidators struct {
+	*claims.PrimitiveArrayClaimValidators
+}
+
+var UserRoleClaim *TypeUserRoleClaim
+
+type TypePermissionClaim struct {
+	*claims.TypePrimitiveArrayClaim
+	Validators *TypePermissionClaimValidators
+}
+
+type TypePermissionClaimValidators struct {
+	*claims.PrimitiveArrayClaimValidators
+}
+
+var PermissionClaim *TypePermissionClaim
diff --git a/recipe/userroles/recipe.go b/recipe/userroles/recipe.go
@@ -19,6 +19,8 @@ import (
 	"errors"
 	"net/http"
 
+	"github.com/supertokens/supertokens-golang/recipe/session"
+	"github.com/supertokens/supertokens-golang/recipe/userroles/claims"
 	"github.com/supertokens/supertokens-golang/recipe/userroles/userrolesmodels"
 	"github.com/supertokens/supertokens-golang/supertokens"
 )
@@ -66,6 +68,22 @@ func recipeInit(config *userrolesmodels.TypeInput) supertokens.Recipe {
 				return nil, err
 			}
 			singletonInstance = &recipe
+
+			supertokens.AddPostInitCallback(func() {
+				sessionRecipe, err := session.GetRecipeInstanceOrThrowError()
+				if err != nil {
+					return
+				}
+
+				if !config.SkipAddingRolesToAccessToken {
+					sessionRecipe.AddClaimFromOtherRecipe(claims.UserRoleClaim.TypeSessionClaim)
+				}
+
+				if !config.SkipAddingPermissionsToAccessToken {
+					sessionRecipe.AddClaimFromOtherRecipe(claims.PermissionClaim.TypeSessionClaim)
+				}
+			})
+
 			return &singletonInstance.RecipeModule, nil
 		}
 		return nil, errors.New("User Roles recipe has already been initialised. Please check your code for bugs.")
diff --git a/recipe/userroles/userrolesmodels/models.go b/recipe/userroles/userrolesmodels/models.go
@@ -16,10 +16,16 @@
 package userrolesmodels
 
 type TypeInput struct {
+	SkipAddingRolesToAccessToken       bool
+	SkipAddingPermissionsToAccessToken bool
+
 	Override *OverrideStruct
 }
 
 type TypeNormalisedInput struct {
+	SkipAddingRolesToAccessToken       bool
+	SkipAddingPermissionsToAccessToken bool
+
 	Override OverrideStruct
 }
 
diff --git a/recipe/userroles/utils.go b/recipe/userroles/utils.go
@@ -24,6 +24,11 @@ func validateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config
 
 	typeNormalisedInput := makeTypeNormalisedInput(appInfo)
 
+	if config != nil {
+		typeNormalisedInput.SkipAddingRolesToAccessToken = config.SkipAddingRolesToAccessToken
+		typeNormalisedInput.SkipAddingPermissionsToAccessToken = config.SkipAddingPermissionsToAccessToken
+	}
+
 	if config != nil && config.Override != nil {
 		if config.Override.Functions != nil {
 			typeNormalisedInput.Override.Functions = config.Override.Functions

Original file line number	Diff line number	Diff line change
`@@ -16,10 +16,16 @@`
`16`	`16`	`package userrolesmodels`
`17`	`17`
`18`	`18`	`type TypeInput struct {`
	`19`	`+ SkipAddingRolesToAccessToken bool`
	`20`	`+ SkipAddingPermissionsToAccessToken bool`
	`21`	`+`
`19`	`22`	`Override *OverrideStruct`
`20`	`23`	`}`
`21`	`24`
`22`	`25`	`type TypeNormalisedInput struct {`
	`26`	`+ SkipAddingRolesToAccessToken bool`
	`27`	`+ SkipAddingPermissionsToAccessToken bool`
	`28`	`+`
`23`	`29`	`Override OverrideStruct`
`24`	`30`	`}`
`25`	`31`